League of Legends players told to reset passwords after breach

A monitor shows a live webcast of a match being played in the League Championship Series for League of Legends, a tournament for a PC-based video game, at Riot Studios in Santa Monica.

A monitor shows a live webcast of a match being played in the League Championship Series for League of Legends, a tournament for a PC-based video game, at Riot Studios in Santa Monica. (Mel Melcon / Los Angeles Times)

Paresh Dave

Riot Games became the latest video game developer to suffer a data breach, the Santa Monica company disclosed Tuesday.

Real names, user names, email addresses and encrypted passwords belonging to "a portion" of North American players of League of Legends game were "accessed," Riot co-founders Marc Merrill and Brandon Beck said in an online note. Additionally, 120,000 transaction records from 2011 that contained encrypted credit card numbers were also "accessed," they said.

“Our investigation is ongoing and we will take all necessary steps to protect players,” the co-founders wrote.

The company did not say how the breach occurred and the note offered few clues. The company did not immediately respond to a request for comment.

League of Legends claims 32 million players worldwide, making it arguably the most popular free online game of its kind. Players compete on their computers over the Internet. Two teams of five people are pitted against each other in a quest to capture the other’s base. Players pay real money to buy an in-game currency needed to acquire some optional extras.

Riot said users affected by the breach would be notified via email, adding that all users will be asked “to change their passwords to stronger ones that are much harder to guess.”

The company is working on developing a system to allow for email verification and text-message verification before changes can be made to an account.

Ubisoft, Konami, Nintendo are among other video game makers who notified users of personal-data breaches in recent months.

Some of the hacking incidents related to the video game industry have been connected to activists trying to spotlight what they saw as restrictive game usage policies set by companies. Another set of cyberattacks have been linked to attempts to steal the in-game currency or the computer code, perhaps to build counterfeits.